Security News

  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. This document details the risks faced by developers of smartphone applications, and provides ways to mitigate these.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But, there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits its foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    OpenSSH (really, are there any other implementations?) requires Trust on First Use for fingerprint verification.

    Verification can be especially problematic when using remote services like VPS or colocation.

    How can you trust that the initial connection isn’t being Man In The Middle’d?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    NEARLY ALL OF THE VULNERABILITIES THAT AFFECT Microsoft's Windows operating system could be mitigated through a little careful control.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of security problems could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense, since a computer that cannot be molested by a user cannot be molested by a third party. 94 per cent is just one example of the differences that can be made and Avecto says that in the case of Internet Explorer 100 per cent of risks are mitigated when rights are removed.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

"Almost All Windows vulnerabilities are enabled by liberal admin

MS already has almost total control over the systems of Win10 users, now they just need a little more to make it "safe." I call BS.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
--Benjamin Franklin, 1759
